# `Attesto.SecureCompare`
[🔗](https://github.com/XukuLLC/attesto/blob/v0.13.0/lib/attesto/secure_compare.ex#L1)

Constant-time comparison of two binaries.

Used wherever an attacker-controlled value is checked against a secret
or a derived digest (a DPoP `ath`, a PKCE challenge) and a
short-circuiting `==` would leak information through timing.

# `equal?`

```elixir
@spec equal?(binary(), binary()) :: boolean()
```

Returns `true` iff `a` and `b` are byte-identical, comparing in
constant time.

`:crypto.hash_equals/2` requires equal-length inputs, and at least one
operand here is attacker-controlled, so the length is gated first. The
length check is not itself timing-sensitive in the cases this is used
for: the operands are fixed-length base64url digests, so a length
mismatch only ever means a malformed input, not a near-miss secret.
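The length gate and its use for a DPoP `ath` check, sketched as an added example (not Attesto's source code). The module name `SecureCompareExample`, its helper functions and the sample token are assumptions made for illustration; `:crypto.hash_equals/2` needs OTP 25 or later.

```elixir
defmodule SecureCompareExample do
  # Hypothetical module for illustration; not Attesto's implementation.

  @spec equal?(binary(), binary()) :: boolean()
  def equal?(a, b) when is_binary(a) and is_binary(b) do
    # :crypto.hash_equals/2 raises on inputs of different size, so the
    # length is checked first; `and` short-circuits before the call.
    byte_size(a) == byte_size(b) and :crypto.hash_equals(a, b)
  end

  # base64url(SHA-256(value)) without padding: the shape shared by a DPoP
  # `ath` and a PKCE S256 challenge. Always 43 bytes long.
  @spec digest(binary()) :: binary()
  def digest(value) do
    :crypto.hash(:sha256, value) |> Base.url_encode64(padding: false)
  end

  # The presented `ath` is attacker-controlled; the expected one is derived.
  @spec valid_ath?(binary(), binary()) :: boolean()
  def valid_ath?(presented_ath, access_token) do
    equal?(presented_ath, digest(access_token))
  end
end

# Constructed sample values, not taken from any real deployment.
token = "constructed-access-token"
good = SecureCompareExample.digest(token)
43 = byte_size(good)

# Same length, last byte changed: the case the constant-time path must handle.
<<prefix::binary-size(42), last>> = good
flipped = if last == ?A, do: ?B, else: ?A
near_miss = prefix <> <<flipped>>

true = SecureCompareExample.valid_ath?(good, token)
false = SecureCompareExample.valid_ath?(near_miss, token)

# Malformed lengths are rejected by the gate instead of raising.
false = SecureCompareExample.valid_ath?("short", token)
false = SecureCompareExample.valid_ath?(good <> "=", token)

# Without the gate, the underlying call raises on a length mismatch.
:raised =
  try do
    :crypto.hash_equals("short", good)
  rescue
    _ -> :raised
  end
```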

